Month: 2017-05

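SMB vulnerability MS17-010 patches and how to protect against the Bitcoin ransomware (WanaCrypt0r 2.0)

This vulnerability was disclosed a while ago, but few people seemed to take it seriously. Now that the Bitcoin ransomware has broken out on a large scale, everyone will probably start to worry. Direct patch download links and some preventive measures are given here.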

I. Protecting Windows systems through Windows Update

Win10 1703 (15063): not susceptible to infection by default

Win10 1607 (14393) and Windows Server 2016: install KB4013429

Win 10 1511 (10586): install KB4013198

Win 10 1507 (10240): KB4012606

Win 8.1: KB4012213, KB4012216

Windows Server 2012, Windows Server 2012 R2: KB4012213, KB4012214, KB4012216, KB4012217

Win 7 SP1 and Windows Server 2008 R2: KB4012212, KB4012215

For other systems, select the required update under Microsoft KB4012598: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 or download the patches directly from the links further down

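1. If you have confirmed that ports 135, 137, 139 and 445 are blocked by a router, port policy or firewall, or that the system has been patched by another security tool (for example the 360 NSA arsenal immunity tool: http://dl.360safe.com/nsa/nsatool.exe), you can skip the Microsoft patch. If you are not sure, be certain to install the Microsoft patch.

2. 2008, 2003 and XP must be patched; mass-exploitation tools now exist for all of them.
2012 and 2016 are somewhat better off and have not been compromised on a large scale, but installing the corresponding patch is still recommended. The fact that no mass-exploitation tool has been released does not mean the vulnerability cannot be exploited; the tool may simply not have been developed yet. Patching is safer.

Besides the required updates above, installing all Windows Update patches is recommended.

Note: in CMD or Win + R, enter "winver" to check the system version number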

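II. Closing the ports WanaCrypt0r 2.0 uses to get in
2.1
This uses the system firewall. If you need instructions, search Baidu or Google for "close ports 445, 135, 137, 139".

2.2
Disable "SMB 1.0/CIFS File Sharing Support"

"Control Panel" – "Turn Windows features on or off" – untick "SMB 1.0/CIFS File Sharing Support", confirm, and reboot.


Registry:
From CMD with administrator privileges: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "SMB1" /t REG_DWORD /d 0 /f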

Downsides of disabling SMB: see "How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server": https://support.microsoft.com/zh-cn/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
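A read-only check of the measures in sections I and II, added here as an example and not part of the original post. The function name Get-Ms17010Status is made up for this example; it assumes PowerShell 2.0 or later and uses only the KB numbers, registry value and ports named above.

```powershell
# Added example: reports the state of the mitigations above; changes nothing.
# KB IDs are copied from section I of this page.
$RequiredKbs = @(
    'KB4012598',                                      # XP / 2003 and other legacy systems
    'KB4012212','KB4012215',                          # Win 7 SP1 / Server 2008 R2
    'KB4012213','KB4012214','KB4012216','KB4012217',  # Win 8.1 / Server 2012 / 2012 R2
    'KB4012606','KB4013198','KB4013429'               # Win 10 1507 / 1511 / 1607, Server 2016
)

function Get-Ms17010Status {
    # 1. Installed hotfixes that match one of the KBs listed on this page.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.HotFixID })
    $found = @($installed | Where-Object { $RequiredKbs -contains $_ })

    # 2. SMB1 server switch: the value written by the "reg add" command above.
    #    A missing value means the default, which is SMB1 enabled.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $prop = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    $smb1Disabled = ($null -ne $prop) -and ($prop.SMB1 -eq 0)

    # 3. Local sockets on the ports named above. Listening TCP rows have a
    #    foreign address ending in ":0", which avoids matching the localized
    #    state column. 137 is a UDP port and is reported separately.
    $net = netstat -an
    $tcp = @($net | Select-String -Pattern '^\s*TCP\s+\S+:(135|139|445)\s+\S+:0\s')
    $udp = @($net | Select-String -Pattern '^\s*UDP\s+\S+:137\s')

    New-Object PSObject -Property @{
        MatchingKbs        = ($found -join ',')
        Smb1ServerDisabled = $smb1Disabled
        TcpListeners       = @($tcp | ForEach-Object { $_.Line.Trim() })
        Udp137Bound        = ($udp.Count -gt 0)
    }
}

Get-Ms17010Status | Format-List
```

Later cumulative updates supersede the KBs listed here, so an empty MatchingKbs on a fully updated system does not by itself mean the fix is missing. A listener shown in TcpListeners only says the service is bound locally; whether the port is reachable still depends on the firewall or router rules from item 1.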

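Below are the special patches for XP and 2003 that Microsoft released on 2017-05-13

First published on Hostloc.com, compiled by Captain; please keep this line when reposting
http://www.hostloc.com/thread-365738-1-1.html

On 2017-05-13 Microsoft released special MS17-010 patches for Windows XP and Windows 2003; see the following link for details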

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

winxp special patch – KB4012598

winxp sp3 32-bit Security Update for Windows XP SP3 (KB4012598)
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_dca9b5adddad778cfd4b7349ff54b51677f36775.exe

winxp sp2 64-bit Security Update for Windows XP SP2 for x64-based Systems (KB4012598)
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe


win2003 special patch – KB4012598

win2003 32-bit Security Update for Windows Server 2003 (KB4012598)
http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-chs_b45d2d8c83583053d37b20edf5f041ecede54b80.exe

win2003 64-bit Security Update for Windows Server 2003 for x64-based Systems (KB4012598)
http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-chs_68a2895db36e911af59c2ee133baee8de11316b9.exe

Below are the patches for 2008R2 SP1, 2012R2 and 2016


2008R2 SP1 patches KB4012212, KB4012215

March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4012212)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu

March, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4012215)
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_a777b8c251dcd8378ecdafa81aefbe7f9009c72b.msu


2012R2 patches KB4012213, KB4012216

March, 2017 Security Only Quality Update for Windows Server 2012 R2 (KB4012213)
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu
March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x64_cd5e0a62e602176f0078778548796e2d47cfa15b.msu


2016 patch KB4013429

Cumulative Update for Windows Server 2016 for x64-based Systems (KB4013429)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu

Below are the patches for win7 SP1 and win10 1607


win7 SP1 patches KB4012212, KB4012215

win7 SP1 32-bit
March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_6bb04d3971bb58ae4bac44219e7169812914df3f.msu

March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x86_e5918381cef63f171a74418f12143dabe5561a66.msu

win7 SP1 64-bit
March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4012212)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu

March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4012215)
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_a777b8c251dcd8378ecdafa81aefbe7f9009c72b.msu


win10 1607 patch KB4013429

win10 1607 32-bit
Cumulative Update for Windows 10 Version 1607 (KB4013429)
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x86_8b376e3d0bff862d803404902c4191587afbf065.msu

win10 1607 64-bit
Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4013429)
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu


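nginx error caused by an abnormal LNMP shutdown

I had been tinkering with the machine and made it crash. LNMP was shut down abnormally, and after booting nginx would not start.

The output was as follows: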

Stoping LNMP…
Stoping nginx… nginx: [alert] kill(6036, 15) failed (3: No such process)

  1. Use force-quit
    Shutting down MySQL. SUCCESS!

Gracefully shutting down php-fpm . done
Gracefully shutting down php-fpm . done
Starting LNMP…
Starting nginx… nginx (pid ) already running.
Starting MySQL.. SUCCESS!
Starting php-fpm done
Starting php-fpm done

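After some searching I found a reply from Jun Ge (军哥):

After nginx is shut down abnormally the pid file is not deleted; you can run rm -f /usr/local/nginx/logs/nginx.pid
and then take another look

nginx fails to start on lnmp restart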